Diffstat (limited to 'lib')
| -rwxr-xr-x | lib/keyringer/actions/genkeys | 30 | ||||
| -rwxr-xr-x | lib/keyringer/actions/pwgen | 4 | ||||
| -rwxr-xr-x | lib/keyringer/functions | 17 | 
3 files changed, 31 insertions, 20 deletions
diff --git a/lib/keyringer/actions/genkeys b/lib/keyringer/actions/genkeys
index 634c847..deacbfd 100755
--- a/lib/keyringer/actions/genkeys
+++ b/lib/keyringer/actions/genkeys
@@ -34,23 +34,25 @@ function genkeys_ssh {
 function genkeys_gpg {
   echo "Make sure that $KEYDIR is atop of an encrypted volume."
-  passphrase="no"
-  passphrase_confirm="confirm"
+  #passphrase="no"
+  #passphrase_confirm="confirm"
-  while [ "$passphrase" != "$passphrase_confirm" ]; do
-    read -s -p "Enter password for the private key: " passphrase
-    printf "\n"
-    read -s -p "Enter password again: " passphrase_confirm
-    printf "\n"
+  #while [ "$passphrase" != "$passphrase_confirm" ]; do
+  #  read -s -p "Enter password for the private key: " passphrase
+  #  printf "\n"
+  #  read -s -p "Enter password again: " passphrase_confirm
+  #  printf "\n"
-    if [ "$passphrase" != "$passphrase_confirm" ]; then
-      echo "Password don't match."
-    fi
-  done
+  #  if [ "$passphrase" != "$passphrase_confirm" ]; then
+  #    echo "Password don't match."
+  #  fi
+  #done
+
+  keyringer_exec pwgen "$BASEDIR" "$FILE.passwd"
+  passphrase="`keyringer_exec decrypt "$BASEDIR" "$FILE.passwd"`"
   # TODO: insert random bytes
   # TODO: custom Name-Comment and Name-Email
-  # TODO: allow for empty passphrases
   $GPG --homedir "$TMPWORK" --gen-key --batch <<EOF
     Key-Type: RSA
     Key-Length: 4096
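Review bot: In `genkeys_gpg` neither the added `keyringer_exec pwgen` call nor the `decrypt` command substitution is checked, so a failure in either leaves `$passphrase` empty and the `--gen-key --batch` run that follows still goes ahead. The heredoc continues past the end of this hunk, so how it consumes `$passphrase` is not visible here, but a key created with an empty or missing passphrase is the likely result. I would abort on failure, for example `keyringer_exec pwgen "$BASEDIR" "$FILE.passwd" || exit 1`, and after the assignment `[ -n "$passphrase" ] || exit 1`. The commented-out prompt loop, here and in the second hunk of this file, is better deleted than kept, since the history preserves it.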
@@ -68,8 +70,8 @@ EOF
   $GPG --armor --homedir "$TMPWORK" --export-secret-keys | keyringer_exec encrypt "$BASEDIR" "$FILE"
   echo "Encrypting public key into keyringer..."
   $GPG --armor --homedir "$TMPWORK" --export             | keyringer_exec encrypt "$BASEDIR" "$FILE.pub"
-  echo "Encrypting passphrase into keyringer..."
-  echo "Passphrase for $FILE: $passphrase"               | keyringer_exec encrypt "$BASEDIR" "$FILE.passwd"
+  #echo "Encrypting passphrase into keyringer..."
+  #echo "Passphrase for $FILE: $passphrase"               | keyringer_exec encrypt "$BASEDIR" "$FILE.passwd"
   if [ ! -z "$OUTFILE" ]; then
     mkdir -p `dirname $OUTFILE`
diff --git a/lib/keyringer/actions/pwgen b/lib/keyringer/actions/pwgen
index 3c03681..e1e8947 100755
--- a/lib/keyringer/actions/pwgen
+++ b/lib/keyringer/actions/pwgen
@@ -13,12 +13,12 @@ FILE="$2"
 # Generates a random passphrase
 function keyringer_pwgen {
-  ENTROPY_BYTES=${1:-20} # in bytes
+  ENTROPY_BYTES=${1:-40} # in bytes
   ENTROPY_SOURCE="${ENTROPY_SOURCE:-/dev/urandom}"
   # Strip possible newlines if output is wrapped.
   # Also strip trailing = signs as they add nothing to the password's entropy.
-  head -c $ENTROPY_BYTES $ENTROPY_SOURCE | base64 | tr -d '\n='
+  dd bs=1 count=$ENTROPY_BYTES if=$ENTROPY_SOURCE status=none | base64 | tr -d '\n='
   echo
 }
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 6f9a5e3..d529daf 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -161,7 +161,7 @@ function keyringer_set_tmpfile {
   if [ -z "$1" ]; then
     template="$tmp/keyringer.XXXXXXXXXX"
   else
-    template="$tmp/XXXXXXXXXX.$1"
+    template="$tmp/keyringer.$1.XXXXXXXXXX"
   fi
   mkdir -p "$tmp"
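Review bot: In `keyringer_pwgen` (lib/keyringer/actions/pwgen) the new `dd` command depends on `status=none`, which not every `dd` implementation accepts. Where it is rejected `dd` writes nothing, the pipeline status is still that of `tr` unless `pipefail` is set elsewhere, and the trailing `echo` makes the function print an empty line and return 0. Because `genkeys_gpg` now takes the key passphrase from this action, that failure would pass silently into key generation. I would quote `$ENTROPY_BYTES` and `$ENTROPY_SOURCE`, silence `dd` through its stderr instead of `status=none`, and refuse to return an empty result, as sketched below.

```shell
function keyringer_pwgen {
  # … unchanged: ENTROPY_BYTES / ENTROPY_SOURCE defaults and the two comments …
  local password
  password="$(dd bs=1 count="$ENTROPY_BYTES" if="$ENTROPY_SOURCE" 2> /dev/null | base64 | tr -d '\n=')"

  # An empty result means dd or base64 failed; never hand that back as a password.
  if [ -z "$password" ]; then
    echo "keyringer_pwgen: could not read $ENTROPY_BYTES bytes from $ENTROPY_SOURCE" >&2
    return 1
  fi

  printf '%s\n' "$password"
```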
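Review bot: In `keyringer_set_tmpfile` (lib/keyringer/functions) the template no longer ends in `.$1`, so a caller that passed a file extension to get a temporary file named `*.ext` loses that, and nothing in the hunk records why. If the reason is that the `mktemp` call, which is outside this hunk, needs the `X` run at the end of the template, a comment such as `# mktemp templates must end with the X run, so the suffix goes in the middle` would document it. `$1` is also placed into the path as-is; presumably callers only pass short fixed suffixes, which is worth confirming because a value containing `/` would put the file outside `$tmp`.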
@@ -192,27 +192,36 @@ function keyringer_shred {
     return
   fi
+  # Create our test target
+  local rmtest="$(mktemp)"
+
   # Get shred implementation
   if which wipe &> /dev/null; then
     tool="wipe"
   elif which shred &> /dev/null; then
     tool="shred"
+  elif rm -P "${rmtest}" &> /dev/null; then
+    tool="rm -P"
   else
     # Worst implementation
     message="WARNING $message"
     tool="rm"
   fi
+  # Cleanup in case "rm -P" is never called or -P flag is unsupported
+  rm -f "${rmtest}"
+
   echo "$message $path using $tool..."
   if [ -d "$path" ]; then
-    if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ]; then
+    if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ] || [ "$tool" == "rm -P" ]; then
       $tool -rf $path
     else
-      find $path -exec $tool -uf {} \;
+      find $path -type f -exec $tool -uf {} \;
+      find $path -depth -type d -exec rmdir {} \;
     fi
   else
-    if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ]; then
+    if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ] || [ "$tool" == "rm -P" ]; then
       $tool -f "$path"
     else
       $tool -uf "$path"  | 
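Review bot: In `keyringer_shred` the new `elif rm -P "${rmtest}"` probe only shows that `rm` accepts the flag, not that anything is overwritten; some `rm` implementations document `-P` as accepted but without effect, and there the user sees the same message as for `wipe` or `shred`. I would treat this branch as best effort and keep the warning, for example by adding `message="WARNING $message"` there as in the plain `rm` branch. The two added `find $path …` lines, like the existing `$tool -rf $path`, leave `$path` unquoted in a destructive command, so a path with spaces or glob characters is split; `find "$path" -type f -exec $tool -uf {} \;` avoids that. `-type f` also skips symlinks and other non-regular entries, so the `rmdir` pass will fail on any directory that still holds one. The function starts before and ends after this hunk.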
